IGA 4.2 - Login Failed

After starting a fresh install of IGA and authentication server on the same server, I'm not able to log in.

The OSP-IDM.date.log says:

Log Data: Validation of authentication service configuration resulted in one or more errors:

Validation messages (10):
1) Error:
AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/Client[id=workflow]
Duplicate client identifier.
2) Warning:
AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/OAuth2Clients/Client[id=wfconsole,uri=/wfconsole/oauth.html]/Url
Redirect URI missing scheme.
3) Warning:
AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/Client[id=workflow]
Client[id=workflow] is disabled due to configuration errors.

.... And some more warnings referring to RFC 6819

and then, at the time when trying to log in:

Preamble: [OIDP idm]
Txn: a3Nm4cm2EgrdawBQVpqprw
Priority Level: WARNING
Java: internal.osp.oidp.service.source.ldap.LDAPSource.search() [734] thread=https-openssl-nio-443-exec-7
Elapsed time: 35.28 milliseconds
Time: 2024-02-12T16:41:42.328+0100
Log Data: Admin search:
Admin search:

Can't figure out where the installation/configuration has gone wrong ...
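
Added example (not part of the original post and not OSP's own tooling): a small parser that groups the validation messages quoted above by OAuth2 client id and severity, so it is clear which clients carry errors and which are reported as disabled. The function names are hypothetical, and the entry layout (numbered severity line, then path, then message) is assumed from the three messages shown in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the three validation messages quoted in the post.
SAMPLE = """\
Validation messages (10):
1) Error:
AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/Client[id=workflow]
Duplicate client identifier.
2) Warning:
AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/OAuth2Clients/Client[id=wfconsole,uri=/wfconsole/oauth.html]/Url
Redirect URI missing scheme.
3) Warning:
AuthenticationService[OSP Configuration (id=auth)]/Authentication/Protocols/OAuth2Protocol/Client[id=workflow]
Client[id=workflow] is disabled due to configuration errors.
"""

HEADER = re.compile(r"^(\d+)\)\s*(Error|Warning):\s*$")  # e.g. "1) Error:"
CLIENT = re.compile(r"Client\[id=([^,\]]+)")             # client id inside the path

def parse_validation(text):
    """Return one dict per message: n, severity, path, client, message."""
    entries, current = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = {"n": int(m.group(1)), "severity": m.group(2),
                       "path": None, "client": None, "message": ""}
            entries.append(current)
        elif not line:
            current = None  # a blank line ends the current entry
        elif current is not None and current["path"] is None:
            c = CLIENT.search(line)  # first non-blank line after the header is the path
            current["path"], current["client"] = line, (c.group(1) if c else None)
        elif current is not None:
            current["message"] = (current["message"] + " " + line).strip()
    return entries

def summarize(entries):
    """Group messages by client id and flag clients reported as disabled."""
    out = defaultdict(lambda: {"errors": [], "warnings": [], "disabled": False})
    for e in entries:
        bucket = out[e["client"] or "(no client)"]
        bucket["errors" if e["severity"] == "Error" else "warnings"].append(e["message"])
        if "is disabled due to configuration errors" in e["message"]:
            bucket["disabled"] = True
    return dict(out)

if __name__ == "__main__":
    print(summarize(parse_validation(SAMPLE)))
```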

  • 0  

    Hello,
    The errors/warns you outlined will not stop one from being able to Authenticate. There is a major difference between Authentication and Authorization.

    Authentication for most customers is handled by OSP (some use Access Manager as the OAuth provider). OSP will look-up the user in eDirectory or Active Directory, if found update information on that user in the Identity Vault, create an OAuth token, and redirect back to Identity Governance, Identity Reporting, or External Workflow.

    Authorization then happens at Identity Governance, Identity Reporting, or External Workflow. Meaning these modules/components then parse the OAuth Token and utilize that information to confirm if the Authenticated user is allowed to perform actions in their module/component. Based upon their look-up the user is then granted certain access rights or presented with a message outlining they are not authorized. If the user is unknown to the module/component, they can receive a message similar to:

    Steven Williams is authenticated, but does not have any rights to this system. Please logout.

    Questions:
    1) When one tries to access Identity Governance, Identity Reporting, or External Workflow, are you redirected to the OSP Login page?

    2) If yes to #1, after providing an ID and Password do you receive a message about invalid ID/Password OR are you redirected back to one (1) of the above applications and then receive a different message in the UI OR the page does not render?

    3) Is OSP deployed on the same tomcat as Identity Governance?

    4) Is OSP pointing to eDirectory or Active Directory for the Identity Vault?


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0 in reply to   

    Thanks for answering.

    1) Yes - I'm redirected to OSP login page. And as it is a clean install,

    2) "Logon failed - try again" (translated from Swedish). I'm trying to log on using the bootstrap account (from Active Directory - not from file)

    3) Yes

    4) Active Directory
